Now that your customer selected Klarna to pay, let's get the purchase authorized.
In this step, you send all the necessary customer details for Klarna to assess and decide whether or not to accept this purchase. When the authorization is successful, you receive an authorization token as a response, useful for Step 3: Create an order.
The authorization is possible through the
authorize() call happening on the client side.
The following information is useful for both scenarios, one-time and recurring payments.
Get authorization for the purchase by using the
authorize() call. Add the following parameters:
billing_address, containing the details of the address for billing. This is a required parameter
shipping_address, containing the details of the address for shipping. This is an optional parameter.
We recommend you to call
authorize() using a full request (like in the example) to ensure you're sending us complete and updated information the information is up to date.
If you do not provide a shipping address, we duplicate the billing address and use it as the shipping address.
In some cases, Klarna requires additional information about the customer and purchase. We recommend you send it in the
authorize() call. For more information, see the Extra merchant data section.
For GDPR (General Data Protection Regulation) reasons, you should not send customer data before the
Klarna uses all this information to make the risk assessment. To see what data you need per market and how to format it, check the Customer data requirements.
authorize() call and until you receive the callback, Klarna conducts the risk assessment. You need to visually indicate to your customer that an ongoing process is happening. For a better user experience, we suggest:
authorize()call (for example, disable the buy button)
After processing the
approved, containing the authorization result. It's a boolean value that indicates approved or denied.
show_form, showing the availability of the Klarna widget. It's a boolean value that indicates displayed or hidden.
authorization_token, containing the token that allows you to place the order. This is only returned if it's an approved authorization.
error, containing details of potential error messages.
The following table lists the combination of values in the response.
|FALSE||FALSE||Disable Klarna’s widget and pre-select another payment method.|
|TRUE||FALSE||Display Klarna’s widget and show the error message to the customer. Let the consumer change details and try again.|
|TRUE||TRUE||Create an order and redirect the customer to the next view.|
There are three potential cases that you need to handle based on the response:
If the response is
approved: true, Klarna has approved the authorization for this purchase.
authorization_token allows you to create an order for both scenarios, recurring and one-time payments. The token is valid for 60 minutes.
We suggest you store the
authorization_token in a hidden form field and send it to the backend with the submission button (for example, the Buy button).
If the response is
show_form: true, but comes with an
error object containing
invalid_fields, something fixable is wrong and the customer needs to take action. The widget displays an error message asking the customer to make corrections before you re-authorize the purchase. The error message points out which fields are incorrect.
It's also possible that the response is
approved: false and
show_form: true, but the callback doesn't include
error. This means the customer has terminated a required interaction in the widget, such as authentication or sign-up flows. In this case, you should keep Klarna payment methods visible so that the customer can make another purchase attempt.
We suggest you use the error message in the callback object to highlight a specific input field on your page.
If the response is
show_form: false, the purchase is declined. You should hide the widget, and the user might select another payment method.
This negative response results from the risk assessment that Klarna executes for the purchase. We do not share information about why a certain purchase was rejected, as we keep our risk and fraud policies internal.